-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2022.5116
                       python-django security update
                              17 October 2022

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           python-django
Publisher:         Debian
Operating System:  Debian GNU/Linux
Resolution:        Patch/Upgrade
CVE Names:         CVE-2022-41323 CVE-2022-36359 CVE-2022-34265
                   CVE-2022-28347 CVE-2022-28346 CVE-2022-23833
                   CVE-2022-22818  

Original Bulletin: 
   http://www.debian.org/security/2022/dsa-5254

Comment: CVSS (Max):  9.8* CVE-2022-34265 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
         CVSS Source: NVD, [Red Hat]
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
         * Not all CVSS available when published

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-5254-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
October 15, 2022                      https://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package        : python-django
CVE ID         : CVE-2022-22818 CVE-2022-23833 CVE-2022-28346 CVE-2022-28347 
                 CVE-2022-34265 CVE-2022-36359 CVE-2022-41323
Debian Bug     : 1004752 1009677 1014541

Multiple security issues were found in Django, a Python web development
framework, which could result in denial of service, SQL injection or
cross-site scripting.

For the stable distribution (bullseye), these problems have been fixed in
version 2:2.2.28-1~deb11u1.

We recommend that you upgrade your python-django packages.

For the detailed security status of python-django please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/python-django

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmNK2BoACgkQEMKTtsN8
TjZ7Hw/+JYONqaFlHSM1zoAZ5Siogck70+ffsSF8NJ1fMyBExPnL7YMF+F9GwzFd
S4FqDd3SnEN2pZlSK84cWp4MXvqwsUEkVcbylZeCQOsk2WoE0BtruxCN937GNcvV
37ixBSC0uekx2B1f8n0YX5mA1nbezZjUnqw8/PomVAf98a0U1er7WJVypgXvvrkT
KMT+D6PB1H3ASPEcNtFcuANd3QN9PGcuRQQHXeonAOSCYVnsiDYj3UN5ts9x+Nap
gC981Uh6jxd07hiCdpPIam3Gjqp2wKFde9UiH25KYoPuw9Z7VkYZiI6lBZS2v4ZH
bvPBTPDjD7c3UUzHeY7F9IqAyY7UlPC+tKcqYyKIXnHm0xiPj6Z6aQRq3E/sM6eP
MLpiuMNEIhoy4AO+5wsexERfgWe5oGdkaXFO+kO1z7eqyZbsFaMZiTBkMRW9M1wo
SJ5l5Acl5MCwVhCzuiCJQG9znCCpgKwcqLwNlEWDQmK0n/suhIotMkDTeYP4nvoo
EimlTT08Yap2O66MwXGQPRwhZPN76HarJB0n08XPNEpjmg+LgF1dZuPrJIVbGL8L
aeK+eRW64IEikTR7B2mq/gKFGWWsq6fsk6TFRtnjJp4McfYsaRx8L40YzJwCPIec
P7dDNk4Tt5D3Psa+jU4e0f1hCBN+Chsd1LFfP55e9GtC/BHRg1E=
=kzuc
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------
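The DSA above names 2:2.2.28-1~deb11u1 as the fixed bullseye version. The following Python script is an added example, not part of the Debian or AusCERT bulletin; it checks whether an installed python-django package is at or above that version. Rather than shelling out to `dpkg --compare-versions`, it reimplements dpkg's version-comparison rules (epoch, upstream version, Debian revision, with `~` sorting before everything including end-of-string) so the same check can run on a host without dpkg, for instance against version strings collected from an inventory. The `dpkg-query` invocation in `installed_version` and all function names are assumptions made for this example.

```python
"""Check whether an installed python-django package is at or above the
fixed version named in DSA-5254-1 (bullseye).  Added example; the comparison
logic mirrors dpkg's verrevcmp() rules instead of calling dpkg itself."""
import subprocess
from typing import Tuple

# Fixed version for bullseye, taken from the advisory text.
FIXED_VERSION = "2:2.2.28-1~deb11u1"
PACKAGE = "python-django"


def parse_version(version: str) -> Tuple[int, str, str]:
    """Split a Debian version into (epoch, upstream_version, debian_revision).

    Epoch is everything before the first ':' (default 0); the revision is
    everything after the last '-' (default empty)."""
    epoch, sep, rest = version.partition(":")
    if not sep:
        epoch, rest = "0", version
    upstream, sep, revision = rest.rpartition("-")
    if not sep:
        upstream, revision = rest, ""
    return int(epoch), upstream, revision


def _order(c: str) -> int:
    # dpkg's character weighting: '~' sorts before anything, even the end of
    # the string; letters sort before other punctuation; digits and
    # end-of-string weigh 0 and are handled by the numeric branch.
    if c == "" or c.isdigit():
        return 0
    if c == "~":
        return -1
    if c.isalpha():
        return ord(c)
    return ord(c) + 256


def _verrevcmp(a: str, b: str) -> int:
    """Compare two upstream-version or revision fragments the way dpkg does:
    alternate non-digit runs (weighted by _order) and digit runs (compared
    numerically, leading zeros ignored).  Returns <0, 0 or >0."""
    def at(s: str, i: int) -> str:
        return s[i] if i < len(s) else ""

    ia = ib = 0
    while ia < len(a) or ib < len(b):
        first_diff = 0
        # Non-digit run: the first differing character decides.
        while (at(a, ia) and not at(a, ia).isdigit()) or \
              (at(b, ib) and not at(b, ib).isdigit()):
            ac, bc = _order(at(a, ia)), _order(at(b, ib))
            if ac != bc:
                return ac - bc
            ia += 1
            ib += 1
        # Digit run: skip leading zeros, then the longer run wins, else the
        # first differing digit.
        while at(a, ia) == "0":
            ia += 1
        while at(b, ib) == "0":
            ib += 1
        while at(a, ia).isdigit() and at(b, ib).isdigit():
            if not first_diff:
                first_diff = ord(a[ia]) - ord(b[ib])
            ia += 1
            ib += 1
        if at(a, ia).isdigit():
            return 1
        if at(b, ib).isdigit():
            return -1
        if first_diff:
            return first_diff
    return 0


def compare_versions(a: str, b: str) -> int:
    """Return -1, 0 or 1 as Debian version a is older than, equal to or newer than b."""
    ea, ua, ra = parse_version(a)
    eb, ub, rb = parse_version(b)
    if ea != eb:
        return -1 if ea < eb else 1
    r = _verrevcmp(ua, ub) or _verrevcmp(ra, rb)
    return (r > 0) - (r < 0)


def is_fixed(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """True if the installed version already carries the DSA-5254-1 fix."""
    return compare_versions(installed, fixed) >= 0


def installed_version(package: str = PACKAGE) -> str:
    """Ask dpkg for the installed version; '' if not installed or no dpkg."""
    try:
        out = subprocess.run(["dpkg-query", "-W", "-f=${Version}", package],
                             capture_output=True, text=True, check=False)
    except FileNotFoundError:
        return ""
    return out.stdout.strip() if out.returncode == 0 else ""


if __name__ == "__main__":
    v = installed_version()
    if not v:
        print(f"{PACKAGE}: not installed (or dpkg not available)")
    elif is_fixed(v):
        print(f"{PACKAGE} {v}: at or above {FIXED_VERSION}, DSA-5254-1 applied")
    else:
        print(f"{PACKAGE} {v}: older than {FIXED_VERSION}, upgrade required")
```

Because the fixed version carries a `~deb11u1` suffix, a plain string or tuple comparison would rank the security update below the unsuffixed `2:2.2.28-1`; the tilde rule above is what makes `2:2.2.28-1~deb11u1` sort before `2:2.2.28-1` yet after `2:2.2.27-1`, matching what `dpkg --compare-versions` reports on a bullseye host.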

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/
-----END PGP SIGNATURE-----